From: patrick
Date: Tue, 24 Aug 2004 13:41:56 -0700
To: fbsd-ipfw@0x10.com
cc: freebsd-ipfw@freebsd.org
Subject: Re: natd and ipfw problems...hope this is the right place=)
Message-ID: <412BA814.9060406@esoltani.com>

fbsd-ipfw@0x10.com wrote:
> Diagram:
>                 .oO( Internet )Oo.
>                         ||
>                         ||
>                   [----DSL------]
>                   [ adsl router ] <- No Nat
>                   [-------------]
>                     |         |
>                     |         |
>                     |         |
>                     B         A
>        [--------WL-------]   [---BSD---]
> NAT -> [ wireless router ]   [ bsd box ]
>        [-----------------]   [---------]
>                                   X
>            |          |           |
>            |          |           |
>            |          |___________|
>            Y
>  [---------WEB--------]
>  [ web server + media ]
>  [--------------------]
> IP Addresses:
> A: External IP 82.*.*.A
> B: External IP 82.*.*.B
> X: Internal IP 192.168.1.101
> Y: Internal IP 192.168.1.100

Hi,

How is the wireless configured? i.e., does it accept incoming requests from the Internet for the webserver?

If the wireless IS NOT accepting any incoming requests for the web server from the Internet, then something like the following should do the trick:

*BSD* box: build it as NATD and IPFW machine.

- Assign your public web IP as an alias to the external NIC, so the outside world will hit your BSD box for the web pages. In /etc/rc.conf add the following, assuming your public web server is at 82.82.82.82. Note the netmask, which is what ALL the aliased IPs should have. Also assuming you have fxp0 as your External Interface on the BSD box.

    ifconfig_fxp0_alias0="inet 82.82.82.82 netmask 255.255.255.255"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-f /etc/natd.conf"

- In your /etc/natd.conf add

    redirect_port tcp 192.168.1.100:80 82.82.82.82:80

- Adjust your ipfw rules to allow port 80 for the public IP and private IP to your liking.

*WEB* box: make its default gateway the BSD box, i.e., the internal interface on the BSD box will be the default route for the WEB box.

Since the Wireless and the BSD box are on the same LAN/network, your wireless clients should have no problem reaching the web server.

I am sure there are other ways of doing this, but this is a good start.

Regards,
Patrick Soltani.
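
The ipfw step in the message above, as an added example that is not part of Patrick's message: rules after the divert rule see packets as natd has already rewritten them, so the inbound rule matches the private IP and the outbound reply rule matches the public IP. The interface fxp0 and both addresses come from the message; the internal interface fxp1 and the rule numbers are assumptions.

```shell
#!/bin/sh
# Added example: ipfw rules for the port-80 path through natd.
# From the message: fxp0, 82.82.82.82, 192.168.1.100.
# Assumed (not in the message): internal NIC fxp1, rule numbers 100-230.

EXT_IF="${EXT_IF:-fxp0}"
INT_IF="${INT_IF:-fxp1}"            # hypothetical internal interface
PUB_IP="${PUB_IP:-82.82.82.82}"
WEB_IP="${WEB_IP:-192.168.1.100}"

# Print the rules instead of loading them, so they can be reviewed first.
# To load them on the BSD box, as root:  web_nat_rules | sh
web_nat_rules() {
    # Everything crossing the external NIC is handed to natd. Packets that
    # natd reinjects continue at the next rule number after this one.
    echo "ipfw add 100 divert natd ip from any to any via ${EXT_IF}"

    # Inbound request: redirect_port has already rewritten PUB_IP:80 to
    # WEB_IP:80, so the filter rules see the private destination.
    echo "ipfw add 200 allow tcp from any to ${WEB_IP} 80 in via ${EXT_IF}"
    echo "ipfw add 210 allow tcp from any to ${WEB_IP} 80 out via ${INT_IF}"

    # Reply: it enters the internal NIC with the private source address and
    # leaves the external NIC after natd has rewritten the source to PUB_IP.
    echo "ipfw add 220 allow tcp from ${WEB_IP} 80 to any in via ${INT_IF}"
    echo "ipfw add 230 allow tcp from ${PUB_IP} 80 to any out via ${EXT_IF}"
}

web_nat_rules
```

These rules are stateless and cover only the web traffic; whatever else the BSD box must pass needs its own rules.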